Weekly Threat Report - 22nd May 2020
Older versions of the QTS operating system vulnerable
Users of the QTS operating system have been urged to ensure it is updated to the latest version.
A bug bounty report has found that QNAP NAS devices running older versions of the QTS operating system may be attacked through a number of vulnerabilities which, when chained together, would allow an attacker to gain remote access. The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case the most important aspect is to install the latest version of the QTS operating system.
It is good practice to always install and use the latest software version and update it regularly because these contain vital security fixes.
Further details of the vulnerabilities can be found in the report.
Advice issued following EasyJet cyber incident
Earlier this week, EasyJet revealed that it had suffered a cyber attack and was in the process of contacting affected customers.
In a statement, the company said that the email address and travel details of approximately 9 million customers were accessed. Credit card details of 2,208 customers were also accessed.
Compromised personal details can be used by hackers to create convincingly personalised scam emails, which can be hard to spot. EasyJet customers are encouraged to report any suspicious emails to the NCSC, using the Suspicious Email Reporting Service (SERS). We’d also recommend customers change the password to their EasyJet account – and if this password has been used anywhere else, change it there too. Setting a password that’s made up of three random words will make it stronger. Switching on two-factor authentication (2FA), where possible, will also help to secure your important accounts.
We've published advice to EasyJet customers. Anyone who thinks they have been a victim of online crime can report a cyber incident using Action Fraud’s online fraud reporting tool anytime of the day or night, or call 0300 123 2040. For further information visit www.actionfraud.police.uk.
Topics Cyber threat